Changelog for 1.47.0 does not properly warn about critical bug
Hello, I discovered this bug by accident https://svn.boost.org/trac/boost/changeset/68866 which was only linked via the ticket mentioned below, The code below demonstrates that ANY wide-character string of the same length resolves to the same UUID ! Thats pretty darn serious, I expected to see a much more serious mention in the Changelog in boost 1.47.0... for UUID, there was only a mention of a few tickets including this one: https://svn.boost.org/trac/boost/ticket/5145 which only mentioned a WARNING in the description ! "Fixed warning: use of logical && with constant operand; switch to bitwise & or remove constant [-Wconstant-logical-operand]" Surely it should say something like "UUIDs for wide character strings are totally wrong" Note also that the Changelog link for UUID goes to Utility, not UUID. The code: #include <boost/uuid/name_generator.hpp> #include <boost/uuid/nil_generator.hpp> #include <boost/uuid/uuid_io.hpp> #include <iostream> using namespace boost::uuids; using namespace std; int main() { { cout << "WIDE" << endl; const wchar_t* a = L"one long string that is something like this and that blahh"; const wchar_t* b = L"hello there you long long string that looks nothing like t"; nil_generator nil; name_generator na(nil()); name_generator nb(nil()); uuid ua = na(a); uuid ub = nb(b); cout << to_string(ua) << endl; cout << to_string(ub) << endl; } { cout << "NARROW" << endl; const char* a = "one long string that is something like this and that blahh"; const char* b = "hello there you long long string that looks nothing like t"; nil_generator nil; name_generator na(nil()); name_generator nb(nil()); uuid ua = na(a); uuid ub = nb(b); cout << to_string(ua) << endl; cout << to_string(ub) << endl; } return 0; } the result: $ g++ main.cpp && ./a.out WIDE 4ffa48af-9685-5089-97ac-fe6627ead94c 4ffa48af-9685-5089-97ac-fe6627ead94c NARROW 73030b72-a864-5c7b-9963-c0bedff1283e da8943a6-26c9-5641-bd37-427b1b70d619 $ The two different wchar_t strings resolve to the same uuid !!! What am I doing wrong? thanks Paul
Cross-posting to the developers list, fixing the title. This sounds like a serious bug, possibly worthy of a point release. Can anybody confirm and chime in? On 8/5/2011 4:20 AM, Paul Harris wrote:
Hello, I discovered this bug by accident https://svn.boost.org/trac/boost/changeset/68866 which was only linked via the ticket mentioned below,
The code below demonstrates that ANY wide-character string of the same length resolves to the same UUID !
Thats pretty darn serious, I expected to see a much more serious mention in the Changelog in boost 1.47.0... for UUID, there was only a mention of a few tickets including this one: https://svn.boost.org/trac/boost/ticket/5145 which only mentioned a WARNING in the description ! "Fixed warning: use of logical && with constant operand; switch to bitwise & or remove constant [-Wconstant-logical-operand]"
Surely it should say something like "UUIDs for wide character strings are totally wrong"
Note also that the Changelog link for UUID goes to Utility, not UUID.
The code:
#include <boost/uuid/name_generator.hpp> #include <boost/uuid/nil_generator.hpp> #include <boost/uuid/uuid_io.hpp> #include <iostream>
using namespace boost::uuids; using namespace std;
int main() { { cout << "WIDE" << endl; const wchar_t* a = L"one long string that is something like this and that blahh"; const wchar_t* b = L"hello there you long long string that looks nothing like t";
nil_generator nil; name_generator na(nil()); name_generator nb(nil());
uuid ua = na(a); uuid ub = nb(b);
cout << to_string(ua) << endl; cout << to_string(ub) << endl; }
{ cout << "NARROW" << endl; const char* a = "one long string that is something like this and that blahh"; const char* b = "hello there you long long string that looks nothing like t";
nil_generator nil; name_generator na(nil()); name_generator nb(nil());
uuid ua = na(a); uuid ub = nb(b);
cout << to_string(ua) << endl; cout << to_string(ub) << endl; }
return 0; }
the result:
$ g++ main.cpp && ./a.out WIDE 4ffa48af-9685-5089-97ac-fe6627ead94c 4ffa48af-9685-5089-97ac-fe6627ead94c NARROW 73030b72-a864-5c7b-9963-c0bedff1283e da8943a6-26c9-5641-bd37-427b1b70d619 $
The two different wchar_t strings resolve to the same uuid !!!
What am I doing wrong?
thanks Paul
-- Eric Niebler BoostPro Computing http://www.boostpro.com
On Fri, 05 Aug 2011 22:34 -0700, "Eric Niebler" <eric@boostpro.com> wrote:
Cross-posting to the developers list, fixing the title. This sounds like a serious bug, possibly worthy of a point release. Can anybody confirm and chime in?
I don't have access to code for the next few weeks to confirm, but just to be clear, the bug is fixed in 1.47, just not documented well. Correct?
On 8/5/2011 4:20 AM, Paul Harris wrote:
Hello, I discovered this bug by accident https://svn.boost.org/trac/boost/changeset/68866 which was only linked via the ticket mentioned below,
The code below demonstrates that ANY wide-character string of the same length resolves to the same UUID !
Thats pretty darn serious, I expected to see a much more serious mention in the Changelog in boost 1.47.0... for UUID, there was only a mention of a few tickets including this one: https://svn.boost.org/trac/boost/ticket/5145 which only mentioned a WARNING in the description ! "Fixed warning: use of logical && with constant operand; switch to bitwise & or remove constant [-Wconstant-logical- operand]"
Surely it should say something like "UUIDs for wide character strings are totally wrong"
I didn't realize that this bug manifested in this way. I agree that this wording is much better.
Note also that the Changelog link for UUID goes to Utility, not UUID.
Not sure what happened here. < snip > Regards, Andy
Sorry, didn't see this email come through until now ! On 14 August 2011 02:47, Andy Tompkins <atompkins@fastmail.fm> wrote:
On Fri, 05 Aug 2011 22:34 -0700, "Eric Niebler" <eric@boostpro.com> wrote:
Cross-posting to the developers list, fixing the title. This sounds like a serious bug, possibly worthy of a point release. Can anybody confirm and chime in?
I don't have access to code for the next few weeks to confirm, but just to be clear, the bug is fixed in 1.47, just not documented well. Correct?
Yes. I scan the ChangeLog of new releases to see if something important has been fixed, to determine if I need to upgrade immediately, or later (when I have time - I often skip one or two releases). Ideally, it would be good if there was a page for every OLD release, that lists serious bugs that existed in those older versions. That way, if you are working on a piece of software that uses eg 1.41.0, you can check the page to look for serious bugs that might need to be patched or worked around. I think this bug would fall into that category.
On 8/5/2011 4:20 AM, Paul Harris wrote:
Hello, I discovered this bug by accident https://svn.boost.org/trac/boost/changeset/68866 which was only linked via the ticket mentioned below,
The code below demonstrates that ANY wide-character string of the same length resolves to the same UUID !
Thats pretty darn serious, I expected to see a much more serious mention in the Changelog in boost 1.47.0... for UUID, there was only a mention of a few tickets including this one: https://svn.boost.org/trac/boost/ticket/5145 which only mentioned a WARNING in the description ! "Fixed warning: use of logical && with constant operand; switch to bitwise & or remove constant [-Wconstant-logical- operand]"
Surely it should say something like "UUIDs for wide character strings are totally wrong"
I didn't realize that this bug manifested in this way. I agree that this wording is much better.
Note also that the Changelog link for UUID goes to Utility, not UUID.
Not sure what happened here.
I looked at the online changelog for 1.47.0, I don't see any adjusted messages in there. Developers may still scan older Changelogs for important bug fixes, can we please get the message added? Thanks Paul
participants (3)
-
Andy Tompkins -
Eric Niebler -
Paul Harris